Beautiful Trade/Single Use and Multiple-Use Virtual Cards

From WikiContent

A recent trend in cardholder security comes via virtual cards. Companies such as PayPal,
MBNA, and Citi are among some of the larger competitors in this space.

A virtual card is used in card-not-present transactions just like a regular credit card, and it is
processed by the merchant in exactly the same manner. In fact, the merchant is not even aware
that this card is virtual, and thus treats it with the same care as the other card account numbers
going through the merchant systems.

How virtual cards work

Each supplier differs slightly in its implementation of virtual cards, but there are essentially
two variants: single-use and multiple-use virtual cards. Both types are usually generated “on the fly” via a cardholder request. An existing card account holder requests a virtual card from
her virtual card provider for use on a particular e-commerce site. The provider supplies the
account holder with a virtual card number, including an expiration date and CV2 security code.
A single-use card can be used for a single transaction involving a limited payment. These cards
typically expire in a matter of weeks or less and can be used only with the merchant designated
during the cardholder’s request. Thus, lost or stolen information rapidly becomes invalid and
worthless to the attacker.
Multiple-use virtual cards are also available through many virtual card providers. These allow
for use cases where recurring charges apply, such as paying a monthly bill. Multiple-use cards
still carry with them many of the security features of their single-use equivalents, such as being
valid with a single merchant and containing limited monthly charge caps. If a multiple-use
virtual card is lost or stolen, an attacker could use the card only at that merchant and only for
the authorized amount of the recurring charge. This mitigates a great deal of fraud.